conf: add BasicAuthRealm feature (#547)

makes BasicAuth realm string editable in config file.

closes #235
This commit is contained in:
Robert Grumann 2024-07-14 13:38:25 +02:00 committed by GitHub
parent d652ed8538
commit 73da8a35a3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 50 additions and 12 deletions

View File

@ -239,6 +239,14 @@ access is only granted for authenticated users.
BasicAuth user password BasicAuth user password
=item B<BasicAuthRealm>
In case "BasicAuth" is configured, the "realm" information.
"Proxy Authentication Required" status http 407 "error-response" can be
customized.
- defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured.
=item B<AddHeader> =item B<AddHeader>
Configure one or more HTTP request headers to be added to outgoing Configure one or more HTTP request headers to be added to outgoing
@ -420,7 +428,7 @@ This manpage was written by the Tinyproxy project team.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright (c) 1998-2020 the Tinyproxy authors. Copyright (c) 1998-2024 the Tinyproxy authors.
This program is distributed under the terms of the GNU General Public This program is distributed under the terms of the GNU General Public
License version 2 or above. See the COPYING file for additional License version 2 or above. See the COPYING file for additional

View File

@ -205,6 +205,13 @@ Allow ::1
# users. # users.
#BasicAuth user password #BasicAuth user password
# BasicAuthRealm : In case BasicAuth is configured, the "realm" information.
# "Proxy Authentication Required" status http 407 "error-response" can be
# customized.
#
# - defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured.
#BasicAuthRealm "Tinyproxy"
# #
# AddHeader: Adds the specified headers to outgoing HTTP requests that # AddHeader: Adds the specified headers to outgoing HTTP requests that
# Tinyproxy makes. Note that this option will not work for HTTPS # Tinyproxy makes. Note that this option will not work for HTTPS

View File

@ -57,6 +57,7 @@ config_directive_find (register const char *str, register size_t len)
{"connectport", CD_connectport}, {"connectport", CD_connectport},
{"logfile", CD_logfile}, {"logfile", CD_logfile},
{"basicauth", CD_basicauth}, {"basicauth", CD_basicauth},
{"basicauthrealm", CD_basicauthrealm},
{"addheader", CD_addheader}, {"addheader", CD_addheader},
{"maxrequestsperchild", CD_maxrequestsperchild} {"maxrequestsperchild", CD_maxrequestsperchild}
}; };

View File

@ -44,6 +44,7 @@ allow, CD_allow
deny, CD_deny deny, CD_deny
bind, CD_bind bind, CD_bind
basicauth, CD_basicauth basicauth, CD_basicauth
basicauthrealm, CD_basicauthrealm
errorfile, CD_errorfile errorfile, CD_errorfile
addheader, CD_addheader addheader, CD_addheader
filter, CD_filter filter, CD_filter

View File

@ -29,6 +29,7 @@ CD_allow,
CD_deny, CD_deny,
CD_bind, CD_bind,
CD_basicauth, CD_basicauth,
CD_basicauthrealm,
CD_errorfile, CD_errorfile,
CD_addheader, CD_addheader,
CD_filter, CD_filter,

View File

@ -122,6 +122,7 @@ static HANDLE_FUNC (handle_disabled_feature)
static HANDLE_FUNC (handle_allow); static HANDLE_FUNC (handle_allow);
static HANDLE_FUNC (handle_basicauth); static HANDLE_FUNC (handle_basicauth);
static HANDLE_FUNC (handle_basicauthrealm);
static HANDLE_FUNC (handle_anonymous); static HANDLE_FUNC (handle_anonymous);
static HANDLE_FUNC (handle_bind); static HANDLE_FUNC (handle_bind);
static HANDLE_FUNC (handle_bindsame); static HANDLE_FUNC (handle_bindsame);
@ -193,6 +194,7 @@ struct {
regex_t *cre; regex_t *cre;
} directives[] = { } directives[] = {
/* string arguments */ /* string arguments */
STDCONF (basicauthrealm, STR, handle_basicauthrealm),
STDCONF (logfile, STR, handle_logfile), STDCONF (logfile, STR, handle_logfile),
STDCONF (pidfile, STR, handle_pidfile), STDCONF (pidfile, STR, handle_pidfile),
STDCONF (anonymous, STR, handle_anonymous), STDCONF (anonymous, STR, handle_anonymous),
@ -294,6 +296,7 @@ void free_config (struct config_s *conf)
char *k; char *k;
htab_value *v; htab_value *v;
size_t it; size_t it;
safefree (conf->basicauth_realm);
safefree (conf->logf_name); safefree (conf->logf_name);
safefree (conf->stathost); safefree (conf->stathost);
safefree (conf->user); safefree (conf->user);
@ -481,6 +484,7 @@ static void initialize_config_defaults (struct config_s *conf)
* (FIXME: Should have a better API for all this) * (FIXME: Should have a better API for all this)
*/ */
conf->errorpages = NULL; conf->errorpages = NULL;
conf->basicauth_realm = safestrdup (PACKAGE_NAME);
conf->stathost = safestrdup (TINYPROXY_STATHOST); conf->stathost = safestrdup (TINYPROXY_STATHOST);
conf->idletimeout = MAX_IDLE_TIME; conf->idletimeout = MAX_IDLE_TIME;
conf->logf_name = NULL; conf->logf_name = NULL;
@ -634,6 +638,11 @@ set_int_arg (unsigned int *var, const char *line, regmatch_t * match)
* *
***********************************************************************/ ***********************************************************************/
static HANDLE_FUNC (handle_basicauthrealm)
{
return set_string_arg (&conf->basicauth_realm, line, &match[2]);
}
static HANDLE_FUNC (handle_logfile) static HANDLE_FUNC (handle_logfile)
{ {
return set_string_arg (&conf->logf_name, line, &match[2]); return set_string_arg (&conf->logf_name, line, &match[2]);

View File

@ -39,6 +39,7 @@ typedef struct {
*/ */
struct config_s { struct config_s {
sblist *basicauth_list; sblist *basicauth_list;
char *basicauth_realm;
char *logf_name; char *logf_name;
unsigned int syslog; /* boolean */ unsigned int syslog; /* boolean */
unsigned int port; unsigned int port;

View File

@ -172,21 +172,31 @@ int send_http_error_message (struct conn_s *connptr)
"<p><em>Generated by %s.</em></p>\n" "</body>\n" "<p><em>Generated by %s.</em></p>\n" "</body>\n"
"</html>\n"; "</html>\n";
const char p_auth_str[] =
"Proxy-Authenticate: Basic realm=\""
PACKAGE_NAME "\"\r\n";
const char w_auth_str[] =
"WWW-Authenticate: Basic realm=\""
PACKAGE_NAME "\"\r\n";
/* according to rfc7235, the 407 error must be accompanied by /* according to rfc7235, the 407 error must be accompanied by
a Proxy-Authenticate header field. */ a Proxy-Authenticate header field. */
const char *add = connptr->error_number == 407 ? p_auth_str : const char *auth_str_type =
(connptr->error_number == 401 ? w_auth_str : ""); connptr->error_number == 407 ? "Proxy-Authenticate" :
(connptr->error_number == 401 ? "WWW-Authenticate" : "");
const char auth_str_tpl[] = "%s: Basic realm=\"%s\"\r\n";
char* auth_str_add = NULL;
if (auth_str_type[0] != 0) {
int auth_str_size = snprintf (NULL, 0, auth_str_tpl,
auth_str_type, config->basicauth_realm) + 1;
if (auth_str_size > 0) {
auth_str_add = safemalloc (auth_str_size);
if (auth_str_add != NULL) {
snprintf (auth_str_add, auth_str_size, auth_str_tpl,
auth_str_type, config->basicauth_realm);
}
}
}
send_http_headers (connptr, connptr->error_number, send_http_headers (connptr, connptr->error_number,
connptr->error_string, add); connptr->error_string, auth_str_add ? auth_str_add : "");
if (auth_str_add) safefree (auth_str_add);
error_file = get_html_file (connptr->error_number); error_file = get_html_file (connptr->error_number);
if (!error_file || !(infile = fopen (error_file, "r"))) { if (!error_file || !(infile = fopen (error_file, "r"))) {